Security News

The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked...

A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers. The flaws are present in the PXE network boot process, which is crucial for provisioning operating systems in data centers and high-performance computing environments, and a standard procedure for loading OS images from the network at boot.

Since Friday, Windows users have reported problems with the operating system freezing shortly after booting, an issue linked to a faulty update for Avira's security software. A considerable number of Windows 11 and Windows 10 customers have experienced these system freezes, with most linking the issues to Avira.

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot Lenovo, AMI and Insyde have released patches for LogoFAIL, an image library poisoning attack. Researchers at firmware supply chain security platform company Binarly discovered a set of security vulnerabilities that open almost all Windows and Linux computers up to attack.

According to complaints from Windows admins, the issue is triggered after installing KB5031361 and KB5031364 on Windows Server 2019 and Windows Server 2022 systems. When it released the buggy cumulative updates, the company revised the support document for KB5031364, including and removing a known issue related to VMware ESXi, describing boot issues encountered by guest VMs operating Windows Server 2022 with Secure Boot enabled.

Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202. "Devices on firmware below 5.26.202 will not be able to connect to Western Digital cloud services starting June 15, 2023, and users will not be able to access data on their device through mycloud.com and the My Cloud OS 5 mobile app until they update the device to the latest firmware," explains a Western Digital support bulletin.

British Airways, BBC and Boots have all been served an ultimatum after they were hit with a supply-chain attack by the ransomware group Clop. In February 2023, Clop claimed responsibility for a supply-chain attack that affected more than 130 organizations, including data belonging to CHS Healthcare patients.

The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Caitlin Condon, Senior Manager of Security Research at Rapid7, told Help Net Security that the company has responded to MOVEit Transfer alerts across a wide range of organizations, from small businesses to enterprises with tens of thousands of assets.

British Airways, the BBC, and UK pharmacy chain Boots are among the companies whose data has been compromised after miscreants exploited a critical vulnerability in deployments of the MOVEit document-transfer app. Instead, payroll services provider Zellis on Monday admitted its MOVEit installation had been exploited, and as a result "a small number of our customers" - including the aforementioned British trio - had their information stolen.

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections.